βΌ CVE-2023-21026 βΌ
π Read
via "National Vulnerability Database".
In updateInputChannel of WindowManagerService.java, there is a possible way to set a touchable region beyond its own SurfaceControl due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-254681548π Read
via "National Vulnerability Database".
βΌ CVE-2023-21030 βΌ
π Read
via "National Vulnerability Database".
In Confirmation of keystore_cli_v2.cpp, there is a possible way to corrupt memory due to a double free. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-226234140π Read
via "National Vulnerability Database".
βΌ CVE-2023-21000 βΌ
π Read
via "National Vulnerability Database".
In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918π Read
via "National Vulnerability Database".
βΌ CVE-2023-21076 βΌ
π Read
via "National Vulnerability Database".
In createTransmitFollowupRequest of nan.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-261857623References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21078 βΌ
π Read
via "National Vulnerability Database".
In rtt_unpack_xtlv_cbfn of dhd_rtt.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254840211References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-20984 βΌ
π Read
via "National Vulnerability Database".
In ParseBqrLinkQualityEvt of btif_bqr.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242993878π Read
via "National Vulnerability Database".
βΌ CVE-2023-21060 βΌ
π Read
via "National Vulnerability Database".
In sms_GetTpPiIe of sms_PduCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-253770924References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21029 βΌ
π Read
via "National Vulnerability Database".
In register of UidObserverController.java, there is a missing permission check. This could lead to local information disclosure of app usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-217934898π Read
via "National Vulnerability Database".
βΌ CVE-2023-21008 βΌ
π Read
via "National Vulnerability Database".
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257030100π Read
via "National Vulnerability Database".
βΌ CVE-2023-28444 βΌ
π Read
via "National Vulnerability Database".
angular-server-side-configuration helps configure an angular application at runtime on the server or in a docker container via environment variables. angular-server-side-configuration detects used environment variables in TypeScript (.ts) files during build time of an Angular CLI project. The detected environment variables are written to a ngssc.json file in the output directory. During deployment of an Angular based app, the environment variables based on the variables from ngssc.json are inserted into the apps index.html (or defined index file). With version 15.0.0 the environment variable detection was widened to the entire project, relative to the angular.json file from the Angular CLI. In a monorepo setup, this could lead to environment variables intended for a backend/service to be detected and written to the ngssc.json, which would then be populated and exposed via index.html. This has NO IMPACT, in a plain Angular project that has no backend component. This vulnerability has been mitigated in version 15.1.0, by adding an option `searchPattern` which restricts the detection file range by default. As a workaround, manually edit or create ngssc.json or run script after ngssc.json generation.π Read
via "National Vulnerability Database".
βΌ CVE-2023-20952 βΌ
π Read
via "National Vulnerability Database".
In A2DP_BuildCodecHeaderSbc of a2dp_sbc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-186803518π Read
via "National Vulnerability Database".
βΌ CVE-2022-40208 βΌ
π Read
via "National Vulnerability Database".
In Moodle, insufficient limitations in some quiz web services made it possible for students to bypass sequential navigation during a quiz attempt.π Read
via "National Vulnerability Database".
βΌ CVE-2023-28448 βΌ
π Read
via "National Vulnerability Database".
Versionize is a framework for version tolerant serializion/deserialization of Rust data structures, designed for usecases that need fast deserialization times and minimal size overhead. An issue was discovered in the Γ’β¬ΛVersionize::deserializeΓ’β¬β’ implementation provided by the Γ’β¬ΛversionizeΓ’β¬β’ crate for Γ’β¬Λvmm_sys_utils::fam::FamStructWrapper', which can lead to out of bounds memory accesses. The impact started with version 0.1.1. The issue was corrected in version 0.1.10 by inserting a check that verifies, for any deserialized header, the lengths of compared flexible arrays are equal and aborting deserialization otherwise.π Read
via "National Vulnerability Database".
βΌ CVE-2023-21062 βΌ
π Read
via "National Vulnerability Database".
In DoSetTempEcc of imsservice.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-243376770References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21055 βΌ
π Read
via "National Vulnerability Database".
In dit_hal_ioctl of dit.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244301523References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-21051 βΌ
π Read
via "National Vulnerability Database".
In dwc3_exynos_clk_get of dwc3-exynos.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-259323322References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2021-43315 βΌ
π Read
via "National Vulnerability Database".
A heap-based buffer overflows was discovered in upx, during the generic pointer 'p' points to an inaccessible address in func get_le32(). The problem is essentially caused in PackLinuxElf32::elf_lookup() at p_lx_elf.cpp:5349π Read
via "National Vulnerability Database".
βΌ CVE-2023-21067 βΌ
π Read
via "National Vulnerability Database".
Product: AndroidVersions: Android kernelAndroid ID: A-254114726References: N/Aπ Read
via "National Vulnerability Database".
βΌ CVE-2023-20963 βΌ
π Read
via "National Vulnerability Database".
In WorkSource, there is a possible parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-220302519π Read
via "National Vulnerability Database".
βΌ CVE-2023-21014 βΌ
π Read
via "National Vulnerability Database".
In multiple locations of p2p_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-257029326π Read
via "National Vulnerability Database".
βΌ CVE-2023-21070 βΌ
π Read
via "National Vulnerability Database".
In add_roam_cache_list of wl_roam.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254028776References: N/Aπ Read
via "National Vulnerability Database".